CVE-2023-3323 Code Execution through overwriting project file on zenon engineering studio system

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts...

Panasonic Control FPWIN Pro 安全漏洞

Panasonic Control FPWIN Pro is a programming software from Panasonic Corporation Japan. A security vulnerability exists in Panasonic Control FPWIN Pro 7.6.0.3 and prior versions, which stems from a type confusion vulnerability that could allow execution of arbitrary code when opening a specially...

Panasonic Control FPWIN Pro 缓冲区错误漏洞

Panasonic Control FPWIN Pro is a programming software from Panasonic Corporation Japan. A security vulnerability exists in Panasonic Control FPWIN Pro version 7.6.0.3 and prior versions, which stems from a buffer overflow vulnerability that could allow an attacker to execute arbitrary code when...

CVE-2023-37200

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause loss of confidentiality when replacing a project file on the local filesystem and after manual restart of the server...

CVE-2023-37200

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause loss of confidentiality when replacing a project file on the local filesystem and after manual restart of the server...

Schneider Electric EcoStruxure OPC UA Server Expert 代码问题漏洞

Schneider Electric EcoStruxure OPC UA Server Expert is an energy management and industrial automation application from Schneider Electric France. A code issue vulnerability exists in Schneider Electric EcoStruxure OPC UA Server Expert SV2.01 SP2 and prior versions, which stems from a potential lo...

Jenkins AbsInt a³ Plugin XML External Entity Reference vulnerability

Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control Project File APX contents to have Jenkins parse a crafted XML document that uses external entities for extraction of secrets from the...

GHSA-WF8M-QR47-XC9M Jenkins AbsInt a³ Plugin XML External Entity Reference vulnerability

Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control Project File APX contents to have Jenkins parse a crafted XML document that uses external entities for extraction of secrets from the...

The vulnerability of the software for configuring Schneider Electric EcoStruxure Operator Terminal Expert HMI terminals and the SCADA Pro-face BLUE software allows a perpetrator to execute arbitrary codes.

The vulnerability of Schneider Electric EcoStruxure Operator Terminal Expert HMI configuration software and SCADA Pro-face BLUE software is related to the possibility of code injection. Exploiting this vulnerability allows a perpetrator to execute arbitrary code by loading a specially crafted...

CVE-2023-1049

A CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local filesystem into the HMI...

CVE-2023-29498

Improper restriction of XML external entity reference XXE vulnerability exists in FRENIC RHC Loader v1.1.0.3 and earlier. If a user opens a specially crafted project file, sensitive information on the system where the affected product is installed may be disclosed...

CVE-2023-30757

A vulnerability has been identified in Totally Integrated Automation Portal TIA Portal V14 All versions, Totally Integrated Automation Portal TIA Portal V15 All versions, Totally Integrated Automation Portal TIA Portal V15.1 All versions, Totally Integrated Automation Portal TIA Portal V16 All...

Design/Logic Flaw

A vulnerability has been identified in Totally Integrated Automation Portal TIA Portal V14 All versions, Totally Integrated Automation Portal TIA Portal V15 All versions, Totally Integrated Automation Portal TIA Portal V15.1 All versions, Totally Integrated Automation Portal TIA Portal V16 All...

CVE-2023-30757

The CVE-2023-30757 issue affects Siemens Totally Integrated Automation Portal (TIA Portal) products, specifically V14 through V20 across affected versions. The vulnerability is a Protection Mechanism Failure: the know-how protection feature does not correctly update the encryption of existing pro...

CVE-2023-30757

A vulnerability has been identified in Totally Integrated Automation Portal TIA Portal V14 All versions, Totally Integrated Automation Portal TIA Portal V15 All versions, Totally Integrated Automation Portal TIA Portal V15.1 All versions, Totally Integrated Automation Portal TIA Portal V16 All...

Siemens TIA Portal

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVE-2023-32203

Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files e.g., HMI. This could lead to an out-of-bounds write at CScapeEnvisionRV+0x2e374b. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...

CVE-2023-28653

The affected application lacks proper validation of user-supplied data when parsing project files e.g., CSP. This could lead to a use-after-free vulnerability. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...

Horner Automation Cscape 缓冲区错误漏洞

Horner Automation Cscape is a suite of programming software for industrial control system development from Horner Automation, USA. A buffer error vulnerability exists in Horner Automation Cscape v9.90 SP8 and Cscape EnvisionRV v4.70, which stems from a lack of proper validation of user-supplied...

Horner Automation Cscape 缓冲区错误漏洞

Horner Automation Cscape is a suite of programming software for industrial control system development from Horner Automation. A buffer error vulnerability exists in Horner Automation Cscape version v9.90 SP8, which stems from a lack of proper validation of user-supplied data when parsing a projec...